Thousands of computers were infected with the WannaCry 2.0/WannaCrypt ransomware on Friday, May 12, 2017. The attack is still in progress.
Why is it one of the worst?
This is one of the worst ransomware attacks. It infects Windows-based computers that have not been patched with the Windows update for the EternalBlue vulnerability, released in March 2017. This ransomware does not spread through a malicious link, attachment or website. It spreads on its own by crawling all computers connected to a network or the internet. It is a worm.
What does it do?
This ransomware infects the computer and encrypts all its files, which makes the encrypted files inaccessible and unreadable.
Can I fix encrypted files?
You cannot fix encrypted files as of today. Companies are trying to break the encryption, but a breakthrough is yet to come.
Which computers are susceptible to this attack?
Any computer running a Windows operating system that has not been patched with the March 2017 EternalBlue vulnerability patch. All Windows machines that have not been started since March, or that do not have automatic Windows updates turned ON, are susceptible to the attack.
How do I avoid this ransomware or protect my computer(s)?
Use the following instructions to avoid the attack if your computer has not already been attacked. First of all, disconnect from the network all computers that are not patched with the security update.
These instructions were good on May 13, 2017. You might get a better solution today.
Option 1: Protect all computers in an organization
Disclaimer: Every organization is different. If you need expert help, contact us. These instructions may or may not be applicable to your organization.
- Turn on the firewall and deny all SMBv1, SMBv2, and SMBv3 protocols.
- Use the Microsoft update service to patch all computers. Instructions are available here.
- Apply available updates from here.
- Contact CDSBureau at contact@cdsbureau.com for more information.
Option 2: If you also have another patched Windows machine, or a Linux, Mac or Unix machine (the "other machine")
1. If you do not know which Windows operating system you have, follow these steps; otherwise skip to step 2:
   - On your other machine, visit the Microsoft site and find the instructions for identifying the operating system. Store those instructions in a file or print them for reference.
   - Turn off your router and WiFi so your machine is not on the internet.
   - Turn on your Windows machine.
   - Follow the stored instructions to find your operating system.
   - Note down your operating system and its version.
2. Turn your Windows computer’s WiFi off or disconnect its LAN cable, OR just turn the machine off.
3. Turn on the router and WiFi.
4. Use the other machine to download the patch from the Microsoft site. Choose only the files for your operating system. Remember to download all files.
5. Copy them to a DVD or USB drive.
6. Turn off your router / WiFi.
7. Turn on your Windows machine and insert the USB drive.
8. Log in as admin and navigate to the USB drive through Windows Explorer.
9. Double-click the first file and install the update. Repeat this with all downloaded update files.
10. If any file fails, repeat this process from step 1.
11. Run the Windows update manager and verify that no new update is needed.
12. Turn automatic updates ON and periodically turn on your computer to get updated. Here are the instructions that you can access after turning ON your router.
13. Congratulations!!!! You are now safe from the WannaCrypt attack.
Option 3: If you do not have any additional computer to download the patch
1. Turn off your router or cable modem.
2. Turn ON your Windows machine.
3. Take a full backup of your machine. If you cannot take the backup or you did not set up backups earlier, just copy important files to a DVD or USB drive.
4. Turn off SMBv1/SMBv2/SMBv3 using these Microsoft instructions.
5. Turn on the router/cable modem.
6. Run the Windows Update manager and install updates, or use these instructions.
7. Once done updating, enable SMBv2 and SMBv3 using the instructions in step 4.
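
The two SMB steps of Option 3 (turning SMBv1/SMBv2/SMBv3 off before reconnecting, then re-enabling only SMBv2 and SMBv3 after updating), written as a PowerShell script. This is an added example, not code from the original page or from Microsoft's instructions. It assumes Windows 8 / Server 2012 or later and an elevated prompt; the phase names and function names are made up for illustration.

```powershell
# Added example, not from the original page. Assumes Windows 8 / Server 2012 or
# later (SMB cmdlets present) and an elevated PowerShell prompt.
param(
    [ValidateSet('Report', 'Lockdown', 'Restore')]
    [string]$Phase = 'Report'
)

$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$admin = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not ([Security.Principal.WindowsPrincipal]$id).IsInRole($admin)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

function Get-SmbServerState {
    # EnableSMB2Protocol governs SMBv2 and SMBv3 together (shared stack).
    $cfg = Get-SmbServerConfiguration
    [pscustomobject]@{
        SMB1Enabled     = $cfg.EnableSMB1Protocol
        SMB2And3Enabled = $cfg.EnableSMB2Protocol
    }
}

function Get-NewestHotfixDate {
    # Install date of the most recent hotfix, or $null if none report a date.
    Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 -ExpandProperty InstalledOn
}

switch ($Phase) {
    'Lockdown' {
        # Before reconnecting the router: stop serving SMBv1, SMBv2 and SMBv3.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -EnableSMB2Protocol $false -Force
    }
    'Restore' {
        # After updating: re-enable SMBv2/SMBv3 only; SMBv1 stays off.
        # An update installed before March 2017 cannot be the March 2017 patch,
        # so a newest-hotfix date earlier than that means updating is not done.
        # A later date is necessary, not sufficient: confirm in Windows Update.
        $newest = Get-NewestHotfixDate
        if (-not $newest -or $newest -lt [datetime]'2017-03-01') {
            throw "Newest hotfix date '$newest' predates March 2017; update first."
        }
        Set-SmbServerConfiguration -EnableSMB2Protocol $true -Force
    }
}

Get-SmbServerState   # always finish by showing the resulting state
```

Run it with `-Phase Lockdown` while the router is still off and with `-Phase Restore` once Windows Update reports nothing left to install. It changes only the SMB server settings on the local machine.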